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Almost every web-based application is managed and operated through a 
number of websites, each of which is vulnerable to cyber-attacks that are 
mounted across the same networks used by the applications, with much less 
risk to the attacker than physical attacks. Such web-based attacks make use 
of a range of modern techniques-such as structured query language injection 
(SQLi), cross-site scripting, and data tampering-to achieve their aims. 
Among them, SQLi is the most popular and vulnerable attack, which can be 
performed in one of two ways; either by an outsider of an organization 
(known as the outside attacker) or by an insider with a good knowledge of 
the system with proper administrative rights (known as the inside attacker). 
An inside attacker, in contrast to an outsider, can take down the system 
easily and pose a significant challenge to any organization, and therefore 
needs to be identified in advance to mitigate the possible consequences. 
Blockchain-based technique is an efficient approach to detect and mitigate 
SQLi attacks and is widely used these days. Thus, in this study, a hybrid 
method is proposed that combines a SQL query matching technique 
(SQLMT) and a standard blockchain framework to detect SQLi attacks 
created by insiders. The results obtained by the proposed hybrid method 
through computational experiments are further validated using standard web 
validation tools. 
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1. INTRODUCTION 


Web-based applications play a significant role in global and national economies and are receiving 
attention in a range of business-related activities [1], [2]. The success and advantages of web-based 
applications drive business at a greater speed and provide one of the promising research areas in modern 
times. Despite their significant advantages, web-based applications are vulnerable to cyber-attacks due to the 
ease of access to users’ web-based applications are therefore inherently vulnerable [3]. 

A basic web application infrastructure consists of a front-end, back-end and communication service 
between the front-end and the back end. Front-end services are usually open for public access to submit 
requests to the back end via the communication service, and the back-end is commonly supported through 
database applications such as MySQL, SQLite, or Microsoft access [4], [5]. The inside attackers with 
administrative privilege, appropriate access control models and with knowledge of authentication details pose 
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a significant threat to the organizations since they can modify the back-end system through tampering and 
altering data [6]. According to recent reports [7]-[10], handling inside attackers is very critical to 
organizations. In most methods, the strategies considered are simplistic and often retrieve values in such a 
way that the database does not require any validation, which leads to a mismatch, which in turn leads to 
attackers being able to access vulnerabilities. Further, attackers leave no footprint to allow them to be tracked 
after the event. In addition, the insider can attack the system either in an active or passive approach. An 
active approach involves tampering the original data to alter the database query results, and a passive 
approach includes unethical access and data usage. Thus, protecting the information of the database from 
inside attackers has become a non-trivial and very important issue that poses a significant challenge and is 
considered an important problem in this space. 

Structured query language injection (SQLi) attack is considered one of the major vulnerabilities for 
web applications due to its straightforward impact on back-end databases and is reported in a number of 
applications and recent research findings [11], [12]. An SQLi attack can occur when the user sends malicious 
commands or simple modified texts to exploit the system and hence causes serious consequences such as data 
loss, system damage and possible denial of access to the authorized users [13]. This injection attack requires 
longer processing times for the remedial processes to fix the injected flaws in the code or in the back-end 
system. SQLi can also be very dangerous if the attacker can gain success by injecting anonymous users into 
the target system. It is observed that the usage of web-based applications is enormously increasing these days 
in different organizations such as federal, local, and state government based, commercial and educational. 
Hence, to ensure security, it is really important to come up with an efficient and simple technique that will be 
easy to implement. The study carried out in this paper focus on this technique. 

In recent times, blockchain-based approaches have been proposed to handle unwanted cyber-attacks 
like phishing attacks, social engineering attacks, malware attacks, cryptocurrency [14], and web 
vulnerabilities. Blockchain is a decentralized ledger-based technology that works on a network of distributed 
nodes and ensures data security without relying on trusted third parties. Technically, a blockchain is a linked 
list where each node is called a block. Blocks are connected to each other cryptographically, and the first 
block in the list is known as the genesis block [15]. The next blocks after the genesis block contain the 
transaction information and other metadata such as a timestamp (which provides information of linkage in 
terms of the cryptographic hash chain of the network). Some of the key advantages of blockchain technology 
in cybersecurity are decentralization, confidentiality, integrity, sustainability, and its tracking and tracing 
capability. 

Hence, in this paper, SQLi vulnerabilities are considered the basis of cyber-attack on web-based 
applications. A solution is proposed to address the problem mentioned above by combining a SQL query 
matching technique (SQLMT) and a blockchain framework to detect malicious queries generated by an 
inside attacker. Even though some works reported related to SQL query-based approaches, the proposed 
solution mentioned here is a new and efficient approach. The key differences between this work with the 
existing ones are outlined below. In summary, contributions stemming from this research article are: i) a 
modified SQLMT is proposed for comparing the queries received, ii) a blockchain-based technique is 
integrated with a database for query filtering, and iii) to justify the appropriateness of this proposed approach, 
two publicly available web applications, a dataset and some established validation tools are considered for 
experimental analysis. 

The rest of the paper is organized. Section 2 provides the motivation and relevant insight for this 
research, focusing on the significance of the SQLi attack. This also gives the reader some more information 
related to the research. Section 3 describes the different components of the proposed method. Section 4 
presents the implementation details of the proposed method, and section 5 describes the computational 
experiments conducted along with a comparative analysis of the computational experiment carried out, and 
finally, section 6 concludes the paper. 


2. LITERATURE REVIEW 

Web-based applications connect billions of people around the globe and serve their needs in various 
business and financial activities. Databases are considered the most commonly used storage mechanisms for 
these web-based applications. Various constraints such as foreign key constraints, data types of specific 
attributes, access control mechanisms, and firewalls are imposed on information access for security reasons. 
However, despite these impediments, the information stored in the databases can still be compromised 
through web application interfaces. Typically, compromise can take place through any one of the injection 
vulnerabilities such as cross-site scripting, SQLi, XML injection, XPath Injection, and HTTP response 
splitting. 
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SQLi attacks have increased over the years [16] and considerable research has been conducted to 
detect, identify, and mitigate SQLi attacks. For instance, Warszawski and Bailis [17] presented an SQLi 
prevention technique using MySQL database parser that detects and terminates malicious queries injected by 
the attacker. A technique based on the syntactic structure of SQL statements was developed in [18] that used 
a comparison mechanism for the queries. The comparison was performed between the queries that are 
provided by the user and the resultant query generated by the proposed system. A query matching approach 
was developed to detect illegal queries. Meanwhile, Thome et al. [19] built a query model and used it to 
check the queries received from the user. An SQLi prevention system was proposed in which the queries 
were transformed to strings prior to execution. This way, the authors attempted to consider the malicious 
queries as data instead of SQL commands to allow them some space to avoid detecting false alarms [20]. A 
similar approach was presented by Sharma and Jain [21], while they analyzed the syntactic structure of the 
SQL query [22]. Consequently, they developed a model for SQLi detection based on the integration of the 
client and server-side of the web platform. They used a filtering technique for the client-side and an entropy 
based query detection mechanism for the server-side [23]. 

Most of these existing research approaches have focused on using validation functions and using 
web application firewalls integrating with predefined statements. Mostly, these methods monitor and block 
SQL queries generated by outside attackers, but the mitigation strategy is made without having knowledge of 
the database to process them. Another aspect of vulnerabilities is frequent tampering of database information 
by attackers through modification and update of fields and tuples. These can be readily performed by a user 
who has privileged and administrative access to the database. One of the other shortcomings is that the 
proposed methods discussed above fail to distinguish between the original query and the malicious query. 
The monitoring and the inspection are done based on simplistic assumptions about the database operations. 
For example, they assume that the values retrieved from the database do not require any validation. This 
semantic mismatch leads to vulnerabilities. 

The blockchain has stronger cryptographic features than the standard database system due to its 
strong immutable feature. Once data is written in a block or a transaction is performed, it cannot be easily 
updated or modified unless an agreement takes place between all the participants. The agreement between the 
participants is achieved by mathematical algorithms and helps to achieve synergy within the network. If any 
update takes place, it is logged as an updated transaction that supports traceability [24], which is one of the 
bases of fair communication between the network nodes. Although blockchain is a decentralized database 
technology that guarantees data immutability and modification resistance from an insider, there is still a 
chance that data can be altered by removing the proof of the user having the appropriate rights and privileges. 

It is observed that many efforts have been vested in securing web-based applications. However, due 
to the lack of appropriate authentication techniques, the existing approaches are immune to injection threats, 
and the malicious codes can be easily bypassed by the system. Hence, in this study, integrating the SQLMT 
and blockchain framework together is proposed to help the system to inhibit inside attackers attempting SQLi 
attacks. This study considers a publicly available blockchain framework, multichain stream [25], and MySQL 
database by integrated them into the proposed method. 


3. PROPOSED METHOD 

The block diagram of the proposed methodology is shown in Figure 1, and the steps are described in 
detail in the following sub-sections. However, a brief description is provided here before addressing the 
detail. Firstly, the user submits a request through an SQL query to the system through the application 
interface. The query is then fed to the proposed framework, which identifies it as an external query (EQ) and 
checks its validity through the external query type (EQtype) checking system. The user or the internal 
attacker generates EQ. Next, EQs are checked with respect to the internal query type (IQtype). IQtype is the 
internal queries that are stored in the internal query model. At this stage, the structure of the EQs is checked 
to see if it is syntactically and grammatically corrected with respect to IQtypes, using the SQL query 
matching technique. Suppose the structure of EQ is correct and matches the relevant query within the model. 
In that case, it is forwarded to the query integrity checking system, which is a combination of blockchain 
framework and database. This is performed to ensure that the system is not compromised and that the user’s 
request is verified. The main task is to check whether the EQ is making any unwanted modifications in the 
database (please refer to sub-section 3.1 for details). The blockchain mainly authenticates the query to make 
sure that it is not forged, and the user is not making any SQLi attacks. Before the result is returned to the 
user, the query is tracked as a valid query (i.e., type ‘a’ as shown in Figure 1 and stored in the log file for 
security purposes. The log file is a simple spreadsheet that is used manually to write the query types prior to 
returning the result to the user. This ensures the preservation of the data and performs this checking process 
to make sure that the inside attacker does not take over the data. If the matching process fails, then an SQLi 
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attack is reported. Finally, the query is identified as a malicious or invalid query (i.e., type ‘b’ as shown in 
Figure 1, and is stored in the log file, leading to the user request to be rejected. 


Proposed Framework 


Query Type 
matching process 


Query 


integrity check Database 


Query Type Check 
EQtype 


Internal 
Query 
Model 

(Qtype) 


Report SQLi 
attack (b) 


Log 
a. Valid query 
b. Invalid query 


Reject and no user 
communication 


Figure 1. Block diagram of the proposed method 


3.1. SQL query matching technique 

An SQL parser is used in this study to parse the incoming queries [26]. The parser can parse all 
kinds of symbols within the query based on lexical, semantic and syntactic analysis principles. Through this 
analysis, the query type can be determined to be select, insert, update or delete. In addition, the parser helps 
to identify whether the user injects any invalid parameter prior to submitting the query to the system. The 
malicious input can severely impact the database and the attacker may be able to take complete control. So, 
the query type is determined, and the parameters are checked in accordance with the following steps. In the 
below steps, SQLMT is described considering a select query and where clause. However, this simple 
technique works with other queries and clauses by making necessary modifications (making different 
combinations of clauses with the queries). 

First, the EQtype for select is checked with the help of the SQL parser. The SQL parser also checks 
if there are any additional input parameters or not. The rationale is that if the user modifies the query with an 
additional parameter, then the query structure is modified and changed, which indicates that an SQLi attack is 
in progress. On the other hand, if there are no such additional parameters detected with the help of SQL 
parser, then the query structure is left unmodified. Also, the parser calculates the number of tokens within the 
query. The characters after where clause in the EQtype query is extracted before proceeding to the next step. 
This is performed using a character extraction technique [27]. 

The query is then normalized to a simple statement by replacing any present encoded characters. 
This normalization is done to ensure that the query can be checked with respect to the query model without 
any complexity. In the query model, which is also used as the basis of query checking, the select query is 
modified prior to storing it there. For example, if there are any numeric parameters, the numbers are 
removed, the characters are removed for alphanumeric parameters so that a simple equivalence checking can 
be performed. This query is known as IQtype. 

Now, the two queries, EQtype and IQtype are compared, and if they match, it is considered that 
there is no attack as shown in Figure 1. To note, in this work, any kind of select query is tagged with a 
number, say “1”. For example, the IQtype with select queries will be under the group id=1. This id tagging 
procedure is undertaken for transparency so that the performance of the team members involved in the 
operations do not remain oblivious to their existence. Similarly, the id for insert is set to 2, update to 3, and 
delete to 4. If the query fails to match the similarity verification in terms of tokens and the structure, then the 
query is flagged. This flagged token and any kind of additional words are retained for further analysis. The 
analysis is performed so that the system can know about these malicious queries and identify the SQLi 
attacks if it takes place in future. 
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This method is simple and easy to implement and has some differences from existing approaches. 
Any algorithm tester can enter input characters whatever they want for testing the system, and the proposed 
technique does not require any white or blacklisting strategies. This also reduces the pressure on working 
with the query size. However, there is one limitation in the proposed technique: if any query consists of both 
parameters from the user (inside attacker), and the system tester, then the parameters specified by the latter 
person should be at the end. Also, the character extraction technique used here is not observed within the 
existing techniques. This helps to extract any kind of characters from the select, insert, update and delete 
queries and creates a straightforward avenue for the comparison process. 


3.2. Blockchain based integrity checking procedure 

This subsection describes the integrity checking procedure using multichain-based blockchain 
technology. The public key infrastructure (PKI) that exists within the framework is considered in this study. 
This is used so that the user’s public key (mechanism of the blockchain technology) can be retrieved by 
considering the unique identifier or primary key (i.e., employee_name). In order to integrate the blockchain 
with the MySQL database, some modifications are undertaken, as shown in Figure 2. 


block n-1 
hash (n-2) 
transaction 


block 
n hash (n-1) 


block n+1 
hash (n) 
transaction 


Block chain network 


transaction 


Data field1 Data field2 ... | Data fieldn Unique identifier id 


Modified database with two additional columns 


Figure 2. Modified database to integrate with the blockchain (multichain) 


The top part of the diagram in Figure 2 represents the nodes, the blocks of the blockchain network, 
and the table at the bottom represents the modified table of the MySQL database. The data fields on the 
left-hand side of the table are the fields or columns that store different information within the database. Two 
additional columns are inserted, one that will store the state of the transaction, and the other one represents 
the information of the unique identifier. The column transaction id, will store the id of the transaction of the 
blockchain corresponding to the database row. The unique identifier id column stores the id of the user who 
issues the EQtype query and consequently names the column as employee_name. The communication to 
handle the transactions is done through a secure communication protocol. The overall integrity checking 
procedure is performed. 

The application (multi-chain blockchain) extracts all the information related to the query (received 
from the SQLMT process) in the form of a tuple upon receiving a request from the user. For example, in the 
case of SELECT query, the value for all fields (columns) except the last two columns (transaction ID, and 
unique identifier ID) is extracted in a tuple. Assuming the tables in the database have a primary key, this key 
is concatenated along with the table name to generate the hash for the tuple. Next, the tuple is digitally signed 
using the user’s private key and stored in the blockchain log. In addition to this hashed tuple, a digital 
footprint for each tuple is generated and stored in the blockchain for further verification. The digital footprint 
is generated by concatenating the tuple ID along with each column value except the last two and adding 
another 256-bit hash. If there is any NULL value for an attribute, it is skipped, and the next non-NULL value 
attribute is added. The tuple is then broadcasted to the blockchain network as a transaction activity. The 
system then waits for the transaction to be retrieved in a block in the first blockchain and receives a number 
of confirmations as a part of consensus policy from the peers. The consensus policy is reached if the tuple 
that is traversed (part of the transaction) is verified with the stored corresponding digital footprint. If any 
modification takes place, it gets logged into the blockchain, and the update is stored. Hence, for every update, 
the blockchain has the accountability which can trace any sort of changes or modifications. This helps to 
identify the existence of any internal culprits and whether they have any bad intention to alter or modify. 
After the transaction has received the confirmations, the system then checks the signature of the user with 
respect to the existing PKI stored in the unique identifier column of the modified database. This signature 
matching is performed to make sure that the transaction is verified. 

Upon completing the verification, the system then retrieves the corresponding query from the 
internal log and modifies it by including the transaction id (transaction happened within the blockchain) of 
the user and sends the information to the database for the query. This integrity checking helps to determine 
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whether any unwanted activities are performed by an insider and if so, to filter them out. Also, it helps to 
block any unwanted transactions from execution. If there are unwanted activities, the query is passed 
smoothly through this process to generate the user request and send the expected result. The procedures incur 
some latency (time consumption) due to tuple integrity checks between the digital footprint and the tuple that 
has traversed through the network as a transaction. It is done for every tuple, and the latency is considered 
negligible to overweigh the integrity of the data. 


4. RESEARCH IMPLEMENTATION METHOD 

The implementation details considered for this work are described in this section. The web 
application considered in this work is a modified version of an online based human resource application 
(OHR) [28], [29], which has six vulnerable pages. However, on top of this, some additional vulnerable pages 
are created to check the authenticity of the proposed approach. 

The distributed blockchain, called the multi-chain framework, is considered in this work and 
stimulates the scenario that each participant in the web applications installs multi-chain in the network and 
then uses the proposed technique for connecting to the central multi-chain node. Each user is then assigned to 
a blockchain address for permission assignment. The permissions are distributed according to the main users 
addresses retrieved from the PKI, allowing them to append transactions and mine blocks. This enables the 
users to verify the transactions according to the proposed mechanism. The operational procedure of the 
overall proposed framework, including the SQLMT and blockchain process, is described in the next section. 
The performance throughput is also analyzed, and the results are shown in the following section. 

In addition to the web applications, a publicly available dataset is also considered here. The dataset 
is called HTTP dataset CSIC 2010 [27]. This dataset comprises many automatically generated web requests. 
This was developed at Spanish Research National Council. The dataset automatically generates 36,000 
normal HTTP requests and usually 25,000 unusual requests or more, and includes SQL injection attacks and 
other attacks such as file disclosure, parameter tampering, buffer overflow, and XSS. The efficiency of the 
proposed method is evaluated by considering these eight performance metrics: false acceptance rate (FAR), 
genuine acceptance rate (GAR), region of convergence (ROC) curve, true positive (TP), false negative (FN), 
precision, recall and f-measure [30], [31]. These metrics are used to determine how accurately the proposed 
method can detect the vulnerabilities in web applications. 

The approaches used for comparison in this study are: the approach proposed by Kumar and 
Pateriya called Alg1 [32], the approach proposed by Cho and Pan called Alg2 [33], the approach proposed by 
Liban and Hilles called Alg3 [34], and the approach proposed by Djuric called as Alg4 [35]. For the sake of 
simplification and understanding, thenceforth, the proposed algorithm is called as PrAlg. In order to validate 
the SQLMT process, other SQLi attacks [36], [37] are also considered in this study. The attacks are: 
commenting the code (SQLil), type mismatch (SQLi2), stacked query (SQLi3), union query (SQLi4), 
inference (SQLi5) and alternative query (SQLi6). The SQLi tools used are, Zap, Nikito, SQL inject me, and 
Wapiti. The metrics, precision, recall and F-measure are used to measure the performance of these tools with 
respect to the proposed hybrid approach. 


5. EXPERIMENTAL RESULTS AND DISCUSSION 

This section describes the computational simulations performed to obtain the results for this work. 
The first application considered is OHR, and some necessary modifications are made to this application for 
computational set-up. The database tables for this application correspond to the entities: administration, user 
information, scheduling users, departments, employee information, and employee scheduling. The 
relationships among them are established through the administration information table, which stores mainly 
the information about the executive team members. In this case, the cyber team members are assumed to be 
part of the administration. The table also stores the sensitive information about the employees that need to be 
protected. As described above, this table has two additional columns, one to hold the transactions and the 
other for the admin identifier. Restrictions to some other parts of the table are imposed using MySQL views 
preventing unwanted access. Now, the OHR application receives a query from the user, and then it is 
forwarded to the proposed system. First, the proposed system uses the SQLMT process for query checking 
and forwards to the blockchain. Once, the blockchain integrated database receives the query; it generates the 
hash of the tuple as described in subsection 3.2. Now, the row’s hash is signed, the signature is broadcasted 
through the network, and the system stores the actual query in its log. Next, this transaction is mined in a 
block and a certain number of confirmations are received so that the system can output the actual results, and 
the additional columns containing the transaction id and the admin information are updated. Once the update 
is performed, the verification is completed to check the authenticity. OHR retrieves the transaction 
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information using the help of the proposed framework and fetches the public key from the PKI using the 
identifier. The signature of this transaction is then verified with this public key, and if successful, as well as 
the hash of the data, matches with the one present in the transaction, then the user will be able to see the 
results. Otherwise, it will be flagged as SQLi attack, and the query will be rejected. To compare OHR 
vulnerabilities, the performance metrics discussed in the previous section are used. Table 1 shows the ability 
of SQLi detection results for the various algorithms and the various SQLi’s for the OHR application. The 
number “1” refers to the success of the specific SQLi detection, and “0” means the algorithm is not able to 
detect that specific SQLi. It is evident from the table that the proposed approach (i.e., PrAlg) can detect all 
the SQLi’s for the test application OHR. 

The execution time taken is also investigated for the proposed approach compared with the other 
algorithms. However, it is observed that, the proposed approach takes slightly longer times than the others 
due to the operational process of the blockchain, but not significantly so. For instance, while running the 
SELECT query using the integrity checking procedure, the proposed approach PrAlg consumed 0.575 second 
per row, and the other approaches Alg1, Alg2, Alg3 and Alg4 consumed 0.231, 0.331, 0.354, 0.421 seconds 
per row, respectively. This additional time is required due to some modifications required in the blockchain 
framework for the consensus protocol which needs to make necessary adjustments in the database. This 
requires some significant effort to ensure smooth transactions by leveraging the information from the queries 
to identify the SQLi attacks. The proposed approach is also implemented on the CSIC 2010 dataset to 
investigate its capability. On a good note, this proposed approach has achieved good results for the CSIC 
2010 dataset as well by comparing with Algl, Alg2, Alg3, and Alg4. The FAR and GAR scores achieved for 
this proposed approach are 10.12% and 78.45%, respectively. The scores for the other algorithms are: Alg1 
(FAR: 28.15%, GAR: 46.33%), Alg2 (FAR: 20.15%, GAR: 61.25%), Alg3 (FAR: 26.35%, GAR: 54.12%) 
and Alg4 (FAR: 30.53%, GAR: 41.12%). 


Table 1. SQLi detection ability of the proposed algorithm with respect to other algorithms for OHR 
Algorithm SQLil SQLi2  SQLi3  SQLi4  SQLi5 SQLi6 
0 


Alg1 1 1 0 1 0 
Alg2 1 1 0 1 1 1 
Alg3 1 1 1 1 1 0 
Alg4 1 1 1 0 0 0 
PrAlg 1 1 1 1 1 1 


5.1. Comparative analysis and improvement 

Although there are some similar works presented by the researchers using an SQL query matching 
technique, significant attention is required to identify the attacks. Thence, in this study, SQL query matching 
is integrated with multichain blockchain technology to achieve better results. In addition to the computational 
experiments conducted above, the time taken for each algorithm, including the proposed approach, is also 
observed. Also, to evaluate the effectiveness of the proposed approach, two algorithms Alg5 [38], and Alg6 
[39] have been considered for further evaluation. The performance measurements are shown in Table 2. 


Table 2. Performance measurements for the proposed approach with respect to other algorithms and methods 


Algorithm/Methods No of Execution time Total Execution time Detection Accuracy (in terms of F-measure) 
Alg1 7 445 0.2698 
Alg2 7 428 0.5435 
Alg3 7 411 0.3145 
Alg4 7 395 0.2196 
Algs 7 388 0.4465 
Alg6 7 421 0.3875 
Zap 7 422 0.5692 

Nikito 7 419 0.3563 
Wapiti 7 389 0.1851 
Sql Inject Me T; 380 0.1812 
PrAlg 7 491 0.9483 


Table 2 summarizes the performance evaluation of the approaches considered in this study. The 
second column in this table represents the number of times each approach is executed for the testing purpose. 
For example, the number 7 in the second column means that the application runs 7 times to collect an average 
data to observe the trade-off between the execution time and detection accuracy of the approaches. The 
number of runtimes has been determined hypothetically. The third column represents the execution time in 
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seconds taken by each of the algorithms to complete the task. This is the time elapsed between the user starts 
sending a request and finishing after receiving a reply from the system. In order to conduct these runs, google 
chrome is considered as a web browser for testing purposes. The table shows that the proposed approach 
consumes slightly more time than the others, which is insignificant in value. This extra time is rational since 
for the blockchain-based hybrid approach takes additional time to maintain atomicity, consistency and 
isolation properties of the database for any transactional queries of the blockchain. However, considering the 
web applications in this study, the transaction cost in terms of time is not too higher. The last column 
represents the capability of each algorithm in terms of detection accuracy, and the data shown here are the 
corresponding F-measure results, as discussed in the previous section. The results show that the proposed 
approach has a good detection capability (94.83%). 


6. CONCLUSION 

This paper proposes a hybrid framework that combines a query matching technique and blockchain 
technology to demonstrate the effectiveness in detecting a range of SQLi’s. This proposed approach will be 
helpful for any web-based applications, as it is able to detect SQLi attacks. Unlike other approaches, this 
proposed framework is quite simple to implement, but a small amount of additional computational time is 
required, as the framework requires a number of confirmations from the peers working on the blockchain 
mechanism. However, the incurred additional computational cost can be accepted as the query integrity 
checking process provides a better solution in detecting SQLi’s effectively. Besides the overhead issue 
mentioned earlier, another limitation of this work is that the approach sometimes fails to detect vulnerabilities 
if a dynamic attack pattern takes place. The performance of this proposed approach is measured using 
different metrics such as SQLi tools and a publicly available dataset, which shows the proposed approach can 
successfully detect all of the tested SQLi’s. In future, this work will be extended using a more in-depth 
analysis of blockchain technology and various other SQLi tools and considering complex web frameworks 
and applications. One aspect that will be emphasized is developing an automated solution for the database 
administrator focused on the query model to handle dynamic and complex queries. In addition, this work will 
be extended by testing the proposed approach and other methods on different web browsers. This will ensure 
that the method works across platforms and can detect SQLi attacks regardless of the type of web platform. 
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